Hi,
the BitCoinMiner problem again.
Malwarebytes Anti-Malware keeps reporting it.
ComboFix 13-11-03.02 - admin . 11. 2013 6:50.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.4029.2048 [GMT 1:00]
Running from: c:\users\admin\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\Temp\tsiVi132.dll
c:\windows\SysWow64\UsbLibrary.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-10-04 to 2013-11-04 )))))))))))))))))))))))))))))))
.
.
2013-11-04 05:56 . 2013-11-04 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-04 05:55 . 2013-11-04 05:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE1F89F2-0C4E-481B-A0CB-9393AACB78EF}\offreg.dll
2013-11-01 09:27 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE1F89F2-0C4E-481B-A0CB-9393AACB78EF}\mpengine.dll
2013-10-29 06:15 . 2013-10-18 01:36 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
2013-10-29 06:15 . 2013-10-18 01:36 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-10-29 06:13 . 2013-09-27 23:01 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-10-29 06:13 . 2013-09-27 23:01 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-10-23 05:53 . 2013-10-23 05:53 -------- d-----w- c:\users\admin\AppData\Local\NVIDIA
2013-10-23 05:48 . 2013-10-23 05:48 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-10-23 05:45 . 2013-10-29 06:14 -------- d-----w- c:\users\UpdatusUser
2013-10-23 05:39 . 2013-09-27 23:01 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-10-23 05:39 . 2013-06-16 12:38 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2013-10-23 05:39 . 2013-06-16 12:38 196384 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-10-23 05:39 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-10-23 05:39 . 2013-10-16 00:48 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
2013-10-23 05:39 . 2013-10-23 10:30 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-23 05:39 . 2013-10-16 00:48 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
2013-10-23 05:30 . 2013-10-23 05:30 -------- d-----w- C:\NVIDIA
2013-10-21 05:38 . 2013-10-21 05:39 -------- d-----w- C:\AdwCleaner
2013-10-18 14:04 . 2013-10-18 14:04 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2013-10-18 14:03 . 2013-10-18 14:03 -------- d-----w- c:\programdata\Malwarebytes
2013-10-18 14:03 . 2013-10-18 14:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-18 14:03 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-18 12:53 . 2013-10-18 12:53 -------- d-----w- c:\program files\CCleaner
2013-10-18 07:07 . 2013-10-18 07:07 -------- d-----w- c:\users\admin\AppData\Roaming\NVIDIA
2013-10-18 07:02 . 2012-10-25 20:50 113664 ----a-w- c:\windows\system32\zdnPMU.dll
2013-10-18 07:02 . 2012-10-25 20:50 113664 ----a-w- c:\windows\system32\zdnPMS.dll
2013-10-18 07:01 . 2013-10-18 13:00 -------- d-----w- c:\users\admin\AppData\Local\CrashDumps
2013-10-18 07:00 . 2013-10-18 07:00 -------- d-----w- c:\programdata\Zebra Technologies
2013-10-18 07:00 . 2013-10-18 07:00 -------- d-----w- c:\program files (x86)\Zebra Technologies
2013-10-18 07:00 . 2013-10-18 07:00 -------- d-----w- c:\program files (x86)\Common Files\EuroPlus Shared
2013-10-18 06:59 . 2010-11-22 19:50 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2013-10-18 06:59 . 2013-10-18 07:00 -------- dc-h--w- c:\programdata\{36B66087-D81E-44BD-80ED-342FF8C9D3D0}
2013-10-17 07:15 . 2013-10-17 07:15 -------- d-----w- c:\programdata\Oracle
2013-10-17 07:15 . 2013-10-17 07:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-17 07:14 . 2013-10-17 07:14 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 07:13 . 2013-10-17 07:13 -------- d-----w- c:\program files (x86)\Java
2013-10-15 06:06 . 2013-10-15 06:06 -------- d-----w- c:\users\admin\AppData\Roaming\Zoner
2013-10-15 06:06 . 2013-10-15 06:06 -------- d-----w- c:\users\admin\AppData\Local\Zoner
2013-10-15 06:06 . 2013-10-15 06:06 -------- d-----w- c:\programdata\Zoner
2013-10-15 06:05 . 2013-10-15 06:05 -------- d-----w- c:\program files\Zoner
2013-10-12 21:30 . 2013-11-01 09:10 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-10-10 03:34 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-23 10:30 . 2013-08-19 16:59 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-23 10:30 . 2013-08-19 16:59 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-23 10:30 . 2013-02-25 22:32 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-23 10:30 . 2013-02-25 22:32 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2013-02-25 22:32 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2013-02-25 22:32 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2013-02-25 22:32 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-23 08:20 . 2013-08-19 16:59 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-08-19 16:59 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-08-19 16:59 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-08-19 16:59 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-08-19 16:59 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-10-23 08:20 . 2013-08-19 16:59 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-08-19 16:59 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-11 01:08 . 2013-08-21 04:52 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 19:52 . 2013-08-20 05:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:52 . 2013-08-20 05:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 01:43 . 2013-08-19 13:33 812240 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-10 03:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-21 01:51 . 2013-08-21 01:51 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-21 01:51 . 2013-08-21 01:51 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-21 01:51 . 2013-08-21 01:51 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-21 01:51 . 2013-08-21 01:51 81408 ----a-w- c:\windows\system32\icardie.dll
2013-08-21 01:51 . 2013-08-21 01:51 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-08-21 01:51 . 2013-08-21 01:51 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-08-21 01:51 . 2013-08-21 01:51 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-21 01:51 . 2013-08-21 01:51 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-08-21 01:51 . 2013-08-21 01:51 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-08-21 01:51 . 2013-08-21 01:51 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-08-21 01:51 . 2013-08-21 01:51 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-08-21 01:51 . 2013-08-21 01:51 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-21 01:51 . 2013-08-21 01:51 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-08-21 01:51 . 2013-08-21 01:51 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-08-21 01:51 . 2013-08-21 01:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-08-21 01:51 . 2013-08-21 01:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-21 01:51 . 2013-08-21 01:51 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-08-21 01:51 . 2013-08-21 01:51 441856 ----a-w- c:\windows\system32\html.iec
2013-08-21 01:51 . 2013-08-21 01:51 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-08-21 01:51 . 2013-08-21 01:51 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-08-21 01:51 . 2013-08-21 01:51 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-08-21 01:51 . 2013-08-21 01:51 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-21 01:51 . 2013-08-21 01:51 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-08-21 01:51 . 2013-08-21 01:51 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-08-21 01:51 . 2013-08-21 01:51 235008 ----a-w- c:\windows\system32\url.dll
2013-08-21 01:51 . 2013-08-21 01:51 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-08-21 01:51 . 2013-08-21 01:51 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-08-21 01:51 . 2013-08-21 01:51 216064 ----a-w- c:\windows\system32\msls31.dll
2013-08-21 01:51 . 2013-08-21 01:51 204800 ----a-w- c:\windows\SysWow64\webcheck.dll
2013-08-21 01:51 . 2013-08-21 01:51 197120 ----a-w- c:\windows\system32\msrating.dll
2013-08-21 01:51 . 2013-08-21 01:51 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-08-21 01:51 . 2013-08-21 01:51 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-21 01:51 . 2013-08-21 01:51 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-08-21 01:51 . 2013-08-21 01:51 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-08-21 01:51 . 2013-08-21 01:51 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-21 01:51 . 2013-08-21 01:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-08-21 01:51 . 2013-08-21 01:51 149504 ----a-w- c:\windows\system32\occache.dll
2013-08-21 01:51 . 2013-08-21 01:51 144896 ----a-w- c:\windows\system32\wextract.exe
2013-08-21 01:51 . 2013-08-21 01:51 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-21 01:51 . 2013-08-21 01:51 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-08-21 01:51 . 2013-08-21 01:51 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-08-21 01:51 . 2013-08-21 01:51 13824 ----a-w- c:\windows\system32\mshta.exe
2013-08-21 01:51 . 2013-08-21 01:51 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-21 01:51 . 2013-08-21 01:51 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-08-21 01:51 . 2013-08-21 01:51 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-08-21 01:51 . 2013-08-21 01:51 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-08-21 01:51 . 2013-08-21 01:51 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-08-21 01:51 . 2013-08-21 01:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-08-21 01:51 . 2013-08-21 01:51 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-21 01:51 . 2013-08-21 01:51 102912 ----a-w- c:\windows\system32\inseng.dll
2013-08-21 01:47 . 2013-08-21 01:47 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-21 01:47 . 2013-08-21 01:47 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-08-21 01:47 . 2013-08-21 01:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-08-21 01:47 . 2013-08-21 01:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-08-21 01:47 . 2013-08-21 01:47 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-08-21 01:47 . 2013-08-21 01:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-08-21 01:47 . 2013-08-21 01:47 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-08-21 01:47 . 2013-08-21 01:47 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-08-21 01:47 . 2013-08-21 01:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-08-21 01:47 . 2013-08-21 01:47 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-21 01:47 . 2013-08-21 01:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-21 01:47 . 2013-08-21 01:47 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-08-21 01:47 . 2013-08-21 01:47 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-08-21 01:47 . 2013-08-21 01:47 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-21 01:47 . 2013-08-21 01:47 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-21 01:47 . 2013-08-21 01:47 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-19 13:25 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-19 13:25 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-19 13:25 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-09-13 01:45 1724616 ----a-w- c:\program files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-09-13 01:45 1724616 ----a-w- c:\program files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-09-13 01:45 1724616 ----a-w- c:\program files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18706176]
"SkyDrive"="c:\users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-19 257136]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-09-27 801816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast Business\avastUI.exe" [2013-06-27 4769352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswVmm;aswVmm; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MSICDSetup;MSICDSetup;f:\cdriver64.sys;f:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;f:\ntiolib_x64.sys;f:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 StnPport;PCIe to Multi Mode Parallel Port;c:\windows\system32\DRIVERS\StnPport.sys;c:\windows\SYSNATIVE\DRIVERS\StnPport.sys [x]
R3 StnSport;PCIe to High Speed Serial Port;c:\windows\system32\DRIVERS\StnSport.sys;c:\windows\SYSNATIVE\DRIVERS\StnSport.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Net Client Service;avast! Net Client Service;c:\program files\AVAST Software\Avast Business\AvastNet.exe;c:\program files\AVAST Software\Avast Business\AvastNet.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 OfficeSvc;Služba balíka Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 ServiceTimeSyncClient;Time-Sync Client;c:\program files (x86)\Time-Sync\TimeSyncServiceClient.exe;c:\program files (x86)\Time-Sync\TimeSyncServiceClient.exe [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20 19:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-19 13:25 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-19 13:25 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-19 13:25 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-06-27 08:36 133840 ----a-w- c:\program files\AVAST Software\Avast Business\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.11.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1f5i82qd.default\
FF - ExtSQL: 2013-09-18 13:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1f5i82qd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Zoner Photo Studio Service 16 - c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEc:\program files\Zoner\Photo Studio 16\Program32\ZPSService.exe
Wow6432Node-HKLM-Run-ST7501 - (no file)
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-04 06:58:25
ComboFix-quarantined-files.txt 2013-11-04 05:58
.
Pre-Run: 425 319 075 840 bytes free
Post-Run: 427 129 872 384 bytes free
.
- - End Of File - - F28A9217C4A07EF265924AB3F30A04F3
A36C5E4F47E84449FF07ED3517B43A31

BitCoinMiner
Re: BitCoinMiner
Hi,
post the MBAM log and also add the MBAR (anti-rootkit) log.
Re: BitCoinMiner
So MBAR found nothing.
I did run ComboFix on it this morning, though, and haven't restarted the PC yet.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verzia databázy: v2013.11.01.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
admin :: ADMIN-PC [administrátor]
4. 11. 2013 8:03:02
mbam-log-2013-11-04 (08-03-02).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 394061
Uplynutý čas: 1 hod, 11 min, 6 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 0
(Škodlivé položky neboli zistené)
(koniec)
Re: BitCoinMiner
Rescan with MBAR http://forum.viry.cz/viewtopic.php?f=13 ... r#p1265264
If it finds nothing, we can consider the topic closed.
Re: BitCoinMiner
MBAR found nothing, so it's probably fine.
Thanks for the help.
Re: BitCoinMiner
You're welcome.